Últimas notícias

Fique informado

Chinese APT Hackers Target Southeast Asian Government Institutions



ONLYOFFICE, plataforma colaborativa, apresenta sua estrutura de segurança de dados

Confira a entrevista na íntegra com Nadya Knyazeva, Gerente de Comunicação da ONLYOFFICE, a plataforma open source que possui mais de sete milhões de usuários no mundo


Lei da Internet das Coisas segue para sanção presidencial e deve impulsionar o mercado de eIDs

Os equipamentos que utilizam a Internet precisam ser identificados para a autenticação precisa máquina a máquina e, em alguns casos, é primordial estarem blindados contra invasões hackers.


Doutor Fabiano Menke Concede Entrevista Sobre a Evolução das Assinaturas Eletrônicas

Nesta entrevista Dr. Fabiano Menke fala sobre a Lei 14.063 de setembro de 2020 e sobre o Decreto 14.543 de novembro de 2020 sobre os tipos de assinaturas eletrônicas


A certificação de plataformas de telemedicina para uso da assinatura digital

O uso de certificados digitais para assinatura de documentos clínicos é adotado no Brasil desde a primeira resolução do Conselho Federal de Medicina (CFM), em 2007


Decreto 14.543/2020 regulamenta o artigo 5º da Lei 14.063/2020

O decreto 14.543/20 define alguns requisitos do artigo 5º Lei 14.063/2020.


How TinyML Makes Artificial Intelligence Ubiquitous

TinyML is the latest from the world of deep learning and artificial intelligence, it brings the capability to run machine learning models.


Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018

“The attack has a complex and complete arsenal of droppers, backdoors and other tools involving Chinoxy backdoor, PcShare RAT and FunnyDream backdoor binaries, with forensic artefacts pointing towards a sophisticated Chinese actor,” Bitdefender said in a new analysis shared with The Hacker News.

It’s worth noting that the FunnyDream campaign has been previously linked to high-profile government entities in Malaysia, Taiwan, and the Philippines, with a majority of victims located in Vietnam.

According to the researchers, not only around 200 machines exhibited attack indicators associated with the campaign, evidence points to the fact the threat actor may have compromised domain controllers on the victim’s network, allowing them to move laterally and potentially gain control of other systems.

The research has yielded little to no clues as to how the infection happened, although it’s suspected that the attackers employed social engineering lures to trick unwitting users into opening malicious files.

malware flow

Upon gaining an initial foothold, multiple tools were found to be deployed on the infected system, including the Chinoxy backdoor to gain persistence as well as a Chinese remote access Trojan (RAT) called PcShare, a modified variant of the same tool available on GitHub.

Besides using command-line utilities such as tasklist.exe, ipconfig.exe, systeminfo.exe, and netstat to gather system information, a number of others — ccf32, FilePak, FilePakMonitor, ScreenCap, Keyrecord, and TcpBridge — were installed to collect files, capture screenshots, logging keystrokes, and exfiltrate the collected information to an attacker-controlled server.

The investigation also uncovered the use of the aforementioned FunnyDream backdoor starting in May 2019, which comes with multiple capabilities to amass user data, clean traces of malware deployment, thwart detection and execute malicious commands, the results of which were transmitted back to command-and-control (C&C) servers situated in Hong Kong, China, South Korea, and Vietnam.

“Attributing APT style attacks to a particular group or country can be extremely difficult, mostly because forensic artefacts can sometimes be planted intentionally, C&C infrastructure can reside anywhere in the world, and the tools used can be repurposed from other APT groups,” the researchers concluded.

“During this analysis, some forensic artifacts seem to suggest a Chinese-speaking APT group, as some of the resources found in several binaries had a language set to Chinese, and the Chinoxy backdoor used during the campaign is a Trojan known to have been used by Chinese-speaking threat actors.”

Source: The Hacker News

Digital Identity on the Blockchain: Securing User Data With Chainlink

Is quantum computing a cybersecurity threat?

The ultimate guide to encryption key management

Siga o Crypto ID no Linkedin e acompanhe as atualizações sobre inovação e segurança da informação com foco em eIDs e Criptografia!


Content Syndication

Content Syndication – the content distribution is a method of republishing content developed by your company on other websites to reach a wider audience and bring new visitors to your site. Contact us about Content Syndication, contato@cryptoid.com.br | +55 11 3881 0019.

Surprise yourself with the quality of our audience! Media Kit.